Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-Akamai-Path-Stats
X-Dns-Prefetch-Control
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
Allow
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
X-Readtime
Cf-Edge-Cache
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
X-Url
Rating
Accept-CH-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
Accept-Ch
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-Server-Name
Edge-Control
RTSS
X-Varnish-TTL
X-VARITI-CCR
X-ESI
X-B3-TraceId
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Dw-Request-Base-Id
X-Amz-Rid
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-Px
Public-Key-Pins
X-Cnection
X-D2id
X-Ac
X-Element-Page-Cache
X-Navigation-Version
X-Edge
X-FastCGI-Cache
Verso
X-RateLimit-Remaining
X-Client-IP
Pagespeed
Display
X-Middleton-Display
X-Abt-Application-Version
X-Sol
X-Ser
X-Powered-By-Plesk
X-Cache-TTL
X-Version
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-GitHub-Request-Id
X-Litespeed-Cache
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Correlation-Id
X-Goog-Hash
Access-Control-Request-Method
X-TTL
SPIisLatency
SPRequestDuration
X-Kinsta-Cache
X-Content-Security-Policy-Report-Only
X-Cached
X-Edge-Location-Klb
AR-Request-ID
AR-ATIME
AR-CACHE
AR-SID
X-Ruxit-Js-Agent
AR-PoweredBy
SPRequestGuid
X-SharePointHealthScore
X-Upstream
X-Powered-CMS
X-Webkit-Csp
X-LLID
X-Ttl
Edge-Cache-Tag
X-NWS-LOG-UUID
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
Nginx-Cache
X-RateLimit-Limit
X-Forwarded-For
X-Cache-Key
Content-MD5
X-MSEdge-Ref
X-Id
Mrf-Cache-Status
X-Shield-Request-Id
MRF-Tech
TCN
X-T
X-B3-TraceId-Primal
X-Daa-Tunnel
S
X-Recruiting
X-Content-Digest
MS-Author-Via
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Mg-S
X-ECACHE
X-Ua-Device
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Accel-Expires
X-Protected-By
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-HS-Cache-Config
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Ua-Browser
X-Grace
X-Content
X-Ab
X-Request-Processing-Time
X-Request-Received
X-Frontend
Front-End-Https
Filters
Server-Node
X-Yandex-Sdch-Disable
X-DataDome
X-WebKit-CSP-Report-Only
X-PressLabs-Stats
TP-Cache
TP-L2-Cache
X-Origin-Server
X-Server-ID
X-Mid
X-DynaTrace
X-ORACLE-DMS-ECID
Fastcgi-Cache
X-Distributor
X-Hits
X-ORACLE-DMS-RID
X-Geo-Country
X-Microsite
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
X-Amzn-Trace-Id
Cleartype
X-Tt-Trace-Tag
X-Debug-Info
X-Tt-Trace-Host
X-Page-Id
X-LB-Cache
Host
X-Git-Hash
Charset
X-F-Cache
X-B3-Sampled
Cross-Origin-Opener-Policy
X-DIS-Request-ID
X-Forwarded-Proto
X-MCACHE
X-Cache-Age
X-Www-Served-By
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Seen-By
ServerID
Access-Control-Allow-Method
Cache-Status
Realpath
X-Az
X-AppVersion
X-Activity-Id
Accept-Charset
Cache-Tags
X-XRDS-LOCATION
X-Varnish-Age
Filterid
X-Cluster-Name
X-Aspnetmvc-Version
X-Language
X-Rid
X-Fastly-Request-Id
X-Nginx-Upstream-Cache-Status
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Content-Options
X-Type
X-App-Environment
Retry-After
Server-Name
Country
X-Varnish-Grace
X-Upgrade-Enabled
Viewport
X-FB-Debug
X-Whom
X-Request-Guid
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-B-Cache
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Signature
X-Tb
X-Providence-Cookie
Node
X-User-Agent
Paypal-Debug-Id
X-Flags
DC
X-Route-Name
X-Origin-Cache
X-Varnish-Backend
X-Mobile-URL
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-TT
X-Goog-Stored-Content-Encoding
X-Oracle-Dms-Ecid
X-Goog-Generation
X-GUploader-UploadID
X-VCache
X-Oracle-Dms-Rid
Fastcgi-Useragent
X-NWS-UUID-VERIFY
Protected
X-B
WPO-Cache-Status
X-Via-JSL
WPO-Cache-Message
X-N
X-Debug
X-Amz-Replication-Status
X-Logged-In
X-Cache-NGX
Payment
X-Contextid
X-Load-Cache
X-Amz-Meta-S3cmd-Attrs
Permissions-Policy
Surrogate-Key
X-Cache-Control
X-Mcache
X-Node-Name
X-Template
X-Trace-Id
Count-Hit
X-FW-Static
X-FW-Hash
X-FW-Server
X-FW-Dynamic
X-FW-Type
X-FW-Serve
X-Browser-Type
X-Fastly-Request-ID
X-Erf-Bev-Bev
Healthy
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Original-Request-Id
X-Mobile
SD-X-WS
Refresh
Akamai-GRN
Content-Disposition
X-Proxy
X-Cache-Time
X-Is-Bot
X-Revision
X-UUID
X-Rendered-As
X-Real-IP
X-G
X-XRDS-Location
X-Jobs
X-Fastcgi-Cache
X-Cache-TTL-Remaining
Alternate-Protocol
X-Cacheable-TTL
X-Page-View
X-Akamai-Request-ID2
X-Framework
Amp-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-Http-Reason
X-Proxy-Cache-Status
X-Drupal-Cache-Contexts
X-Device-Type
X-Adobe-Content
Uber-Trace-Id
NGB
X-Adobe-Loc
Url
X-Debug-IsPreview
X-Debug-IsConnected
Access-Control-Request-Headers
X-Instance
VIX-Pulpo-Node
X-IPLB-Instance
X-Yottaa-Metrics
X-Yottaa-Optimizations
VIX-Pulpo-Upstream-Status
X-Servername
X-Cache-Grace
X-Restarts
X-NGENIX-Cache
X-Hostname
X-Varnish-Server
Version
X-Source
X-Mg-Request-UUID
X-Datadome
X-L-Path
X-ECache
X-Environment-Context
X-B3-Traceid
Accept-Language
X-Cache-Rule
X-Cache-Hit
Countrycode
X-HTML-Minification-Powered-By
X-EdgeConnect-Cache-Status
X-Vgn-Hpd-Reason
Ms-Operation-Id
X-RTag
MS-CV
From-Origin
X-Oneagent-Js-Injection
X-Cache-Expired-At
Referer-Policy
Frame-Options
X-App-Server
X-Parallel-Accel
Liferay-Portal
X-Midtier
X-NYM-Debug-Backend
X-Ratelimit-Remaining
X-Tumblr-Pixel-0
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Backend
X-FW-Version
X-IPS-LoggedIn
X-Nginx-Cache
Content-Secure-Policy
X-COUNTRY
X-Hosted-By
X-RemovedCookies
Upgrade-Insecure-Requests
X-Redis-Cache
X-RN-RSRV
X-ProcessESI
X-Cache-Server
X-UPSTREAM-Address
Meta-Geo
X-No-Session
X-Content-Age
X-Generation-Time
Section-Io-Cache
X-Ua
X-Cache-Action
CF-IPCountry
X-Detected-As
TWC-Locale-Group
X-Mode
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-LatLong
X-Human
Property-Id
TWC-Device-Class
TWC-Connection-Speed
S-Rt
Webcakes-App-Version
Mn-Server-Ip
Cache-Tv-Group
X-Unique-Id
Azure-InstanceId
X-Be
X-Cache-Enabled
X-FB-TRIP-ID
Azure-RegionName
Azure-SiteName
X-Access
X-Format
Azure-Version
Azure-SlotName
Webcakes-Region
X-OCL
X-Site-Version
X-UA-Device-Type
TWC-GeoIP-Country
X-Server-W
X-Sql-Count
X-Via-Fastly
X-Uri
X-Sql-Duration-Ms
X-Varnish-Cache-Hits
X-PHP-Backend
X-Section
X-PCL
X-Region
X-Origin-Hint
X-Request-Time
X-BYPASS-REASON
X-ProxyCache-Key
X-Cache-Host
X-Urbn-Site-Id
X-Alternate-Cache-Key
X-AOL-HN
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Urbn-Context-Path
X-Sorting-Hat-ShopId
X-ShardId
X-Akamai-Edgescape
Ec-Rule-Version
X-Xfnlog-Site
Eomportal-Instance
Fastly-SSL
Locale
CDN-Uid
CDN-RequestId
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
Apigw-Requestid
X-ProxyCache-Status
X-Debug-Cache
X-Say-Cacheable
X-Generated-By
X-SayCDN-TTL
X-Status
X-Content-Powered-By
X-Nginx-Cache-Key
X-Origin-Date
X-Say-TTL
X-Cluster-Node
X-Platform-Server
X-Handled-By
X-SaId
X-Cache-Tags
X-JoinUs
X-Zipkin-Id
X-Locale
X-PERF
X-ServerID
X-TT-LOGID
X-Hl-Ver
X-Adobe-Source
X-Forwarded-Host
X-Web-Node
X-ApacheServer
X-Tid
X-Proxied
X-Cache-Type
X-Backend-Name
X-Storage
X-Extlb
X-Varnishpool
X-Routing-Service
X-APP-VERSION
WP-Super-Cache
X-Labrador-Cache-Channel
X-PHP-Host
X-NewRelic-App-Data
X-LJ-Flow-ID
X-VWS-Id
X-Proxy-Build
X-AWS-Id
X-Timing-Wait
X-Hyper-Cache
Selected-Fe
X-Dc
X-Webkit-CSP
X-Cms-Context
X-GG-Cache-Date
X-VC-Cache
ServedBy
X-Storefront-Renderer-Rendered
X-Rule
X-Edge-Location
X-Cache-Operation
X-App-Version
X-Proto
X-LSADC-Cache
Load-Balancing
Web-Mar-Node
X-Cached-By
SID
Fastly-Drupal-Html
Webserver
Onion-Location
X-Ratelimit-Limit
X-Accel-Buffering
Mime-Version
X-Rewrite-Enabled
X-Cache-Remote
SRV
X-TA-CDN-Provider
X-Soup
X-GeoCode
X-CDN-Forward
X-GeoCountry
X-Varnish-Hostname
X-GEO
Xserver
Cache-Hits
X-Cdn
X-Reqid
X-Pubstack
X-SRV
X-Cluster
Country-Code
X-Origin-CC
X-Buckets
X-Origin-TTL
X-Microcachable
X-Varnish-Hits
X-Request-Host
X-Envoy-Decorator-Operation
Xet-Cookie
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-CSRF-Token
X-Tumblr-Pixel-3
X-Magnolia-Registration
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Server-Info
X-Time
X-Air-Source
X-Ms-Version
X-Ms-Request-Id
X-Air-Hostname
X-Air-Trace-Id
LB
DB-Nickname
X-Amz-Apigw-Id
X-IPLB-Request-ID
X-Amzn-RequestId
X-B3-SpanId
Cache
X-Endurance-Cache-Level
X-RCS-CacheZone
X-NCache
T-Server
Fastcgi-X-Cache-Version
Expiry
X-Developer
X-Geo-Header
X-Connection-Hash
X-Conf
X-A-Dgt
X-Processor
X-A-Wwc
X-A-Dcw
X-D
BehaviorPad-Version
Cdncip
Cdnsip
X-NAPM-TraceId
X-Gzip
A
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-Hash
Source
X-Destination
X-Aed
DCR-Decision-By
DCR-Processing-Time-Ms
X-A-Dam
X-PAYTM-SRV-ID
X-A-Ccd
Cmstype
Cmsid
X-A
X-Orig-Expires
X-PBS-Appsvrname
X-ScT
X-Tenant
X-Bc-Bl
MD5-Digest
X-Ec-Fail
X-TIM-N
X-Esi-Check
X-SRCache-Key
X-CF-Lambda-Version
Lang
X-External-Request-Id
X-Cache-NE
X-Epic-Correlation-Id
X-TrackingId
X-Vdms-Path
X-Cdn-Srv
X-Vdms-Version
X-Cache-Id
X-VG-WebCache
X-CF-Lambda-Fn
X-Ec-GeoHdr
X-User
Meta-Geo-Continent
Mobile-Detection-Method
X-Cache-Bucket
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Ftr-Request-Id
X-Rojux
X-S
X-S-Cookie
X-ARC
X-Application
Xc-Version
Pramga
X-AK-Request-ID
Surrogated-Key
X-Forwarded-Path
Sslversion
Host-ID
X-B-Cookie
NM-Fastcgi-Cache
X-SD-PageType
Rendered-Blocks
X-Shop-Environment
X-Session-Fingerprint
Odigeo-Trace-Id
X-Varnish-Beresp-Grace
CDN
X-CACHE-KEY
X-Has-Esi
X-Hnp-Log
X-Dispatcher-Number
Server-Host
X-Ec-Custom-Error
Mail-Subject
X-Fmm-Version
X-Gen-Mode
Environment
State
X-Gdpr
Fastly-GeoIP-CountryCode
X-Fetched-On
X-Developers
Memcached
AKAMAI
Machine
X-Fastly-Cache
X-Device-Os
User-Cache-Control
X-Planisys-CDN-TTL
X-Sigma-Backend
X-Sigma
AMP-Access-Control-Allow-Source-Origin
X-Slack-Backend
X-Block-Status
X-Server-IP
X-Scheme
X-Clara-WADP
X-Core-Mission
X-Rocket-Build-Number
X-Ckpd-Fst-Backend
X-SB
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Wix-Viewer-Type
X-CacheTTL
Cache-Name
X-Worker
DynaTrace
X-WADP-Cache
X-Cache-Info
X-TNCMS
X-R9-Blue-Green-Version
X-V-Cache
X-Cache-Backend
X-Via-Ucdn
X-Core-Value
X-Amzn-Remapped-Content-Length
Wxu-Next-Region
X-Mvc-Supplant-Cachable
X-JWT-State
X-Node-Id
We-Hiring
Web-Mar-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-Loop
X-Nyt-Route
X-Is-Gdpr
X-Origin-Time
X-Irp-Debug
X-Planisys-CDN-Cache
X-Origin-Response-Time
X-Planisys-CDN-Rules
X-Origin
X-Azure-Ref
X-Varnish-Ttl
X-Via-NSCOPI
HostName
Release
X-Cache-Date
X-Datadog-Trace-Id
Traceparent
Req-Svc-Chain
Redirect-Candidate
X-Datadog-Sampling-Priority
Server-Ext
X-BBC-Edge-Cache-Status
TDXMobile
Sever-Int
X-Auto-Login
Ssr
X-Aicache-OS
X-Datadog-Parent-Id
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-DefHash
X-Branch-Name
Thinkindot-Control
Server-Hostname
Producers
X-DefElseHash
X-Level-Front-Cache
X-Pool
X-Policy
X-Tx-Id
X-Proxy-Upstream
X-Region-Sid
X-Pod-Name
X-Platform
X-LAGOON
X-HN
X-Minions-Version
Platform
X-Origin-Expires
X-Rocket-Nginx-Serving-Static
X-Served-From
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-VG-TLSProxy
X-VServer
X-Webstats-RespID
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Skip-Cache
X-Newrelic-Synthetics
X-Thinkindot-L3
X-Variation
Adler-Geo
X-NodeID
L
Fastcgi-Cache-TTL
X-Generated-On
Cluster
X-Forwarded-Site
Kp-EeAlive
Is-Eu
X-From
X-Gamma-Serve
Gh-Request-Id
Apple-News-Services-Handled
X-GeoIP
CloudFront-Viewer-Country
Origin-EX
PFcat
Apple-News-Services-Host
X-DPWN-IS-SECURE
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
N-Cache
Origin-CC
Origin
X-Eu-Site
X-SIPLIST1
X-Sn-Servicetimems
X-Viewer-Country
X-RateLimit-Remaining-Second
X-Optimistic-Header
X-GeoIP-City
X-Location
X-Loc
X-Httpd
X-Cdn-Origin
X-Owner
X-Csrf-Jwt
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-Proxy-Cache-Info
X-Qloud-Router
X-Scale
X-CGP
Fastly-SIE
Ha-Gx-Prefs
Vix-Hermes-Req-Id
V-Age
DSUID
X-Tec-Api-Root
X-Tec-Api-Origin
NGX
Svr
X-ZONE
X-Tec-Api-Version
Fastly-SWR
L5d-Success-Class
HA-Ipaddr
IsBot
X-VC
X-CS
X-Refresh
X-NC
X-Wikidot-Backend
X-Wikidot-Static-Cache
Pics-Label
X-BCube-Filmed-By
X-WP-CF-Super-Cache
Cache-Key
Candidate-Md5Url
Ohc-File-Size
Datacenter
X-WP-CF-Super-Cache-Cache-Control
X-SplitTest
XM
X-Men
VNS-Cache
CPC-Cache
VNS-Age
Arc-Country
CPC-Age
X-Contensis-Viewer-Groups
X-Ad-Defer-Variation
X-Cache-Status-Check
X-Cache-ASPX
X-Parent-Response-Time
Locid
X-TraceId
X-Tb-Optimization-Total-Bytes-Saved
Fastly-Backend-Name
GEO-INFO
X-WA-Info
X-Ah-Environment
X-EC-Lua
X-Tt-Logid
X-Edge-Pop
X-Varnish-Authentication
X-Response-By
X-Old-Content-Length
Lb
Ms-Author-Via
Env
X-LB-NoCache
X-RSL
X-RPS
X-Srv
X-RPM
X-DSS
X-DI
X-DB
X-DW
X-Micro-Cache
Servername
X-Udemy-Cache-App-Namespace
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-AIR-PT
X-Mvc-Supplant-OutputCached
X-Date
GeoIp-Country-Code
X-Accel-Expires-Debug
Time
Memory
X-Amz-Meta-Cb-Modifiedtime
X-Xrds-Location
X-Akamai-Transformed
X-TIME
X-Generated-In
X-HA-Backend
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Path
X-Cache-Debug
Ngx.Var.Host
Cache-Host
X-Servedbyhost
X-Api-Version
ITXSESSIONID
FSS-Cache
X-S-Maxage
Geoip-Latitude
Ohc-Cache-HIT
X-RateLimit-Reset
Client
X-API-Version
True-Client-IP
X-Varnish-Beresp-TTL
XkeyRZ
X-Proxy-CacheRZ
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
CacheControlHeader
X-VCL-Version
X-Clientip
X-Vc
X-VHOST
X-Cs
True-Client-Country-4JS
X-Action
Server-ID
X-TH-Server
X-DC
X-Trace-ID
Geo-Info
X-Zone
X-TX-ID
X-Backend-TTL
X-FireWall-Port
X-Presslabs-Stats
Hostname
X-Fpc
X-Webkit-Csp-Report-Only
Powered-By
Edge-Cache
NtCoent-Length
X-Req
X-Dmc
X-Render-Time
X-MSEdge-Flight
X-B3-Spanid
X-FPC
My-App
X-Pass-Why
X-MSEdge-Features
X-PX
X-INCAP-ABP
X-Provided-By
Test
Tcn
X-Traceid
X-DynaTrace-JS-Agent
X-Origin-Upstream-Status
X-NGINX-Cache
X-Vcl-Version
X-Cdn-Request-ID
X-Gateway-Request-Id
X-Up
X-CSRF-TOKEN
C-Via
Server-Id
X-Gateway-Cache-Key
X-Gateway-Cache-Status
Rip
X-Gateway-Skip-Cache
X-Service
X-M-Reqid
Cf-Int-Pingora-Origin-Digest
X-Correlation-ID
X-Varnish-Beresp-Ttl
Tube-Return
OT-Force-Account-Verify
X-Qnm-Cache
X-Webkit-CSP-Report-Only
HIT
Tube-Got-Results
Tube-Got-Eval
X-HS-Status
X-Beluga-Record
Click-Count-Error
Tube-Get-Contents
Click-Count-Action-Start
Esi-Enabled
X-LB-ID
X-Beluga-Cache-Status
X-Beluga-Node
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Trace
User-Agent
X-M-Log
Proxy-Connection
On-Server
DataCenter
X-Li-Pop
X-Via-PopN
X-APP
X-Via-PopH
Uri
X-Li-Fabric
X-Ha-Backend
X-Via-PopV
X-UnsetCookies
X-ServedByHost
X-Alfa-Service
Resin-Trace
RATING
X-URL
Srvid
X-LI-UUID
X-CLOUD-TRACE-CONTEXT
WebServer
X-Geo
X-Dynatrace
Sid
X-ND-Cache
X-Time-Microsecs
X-Cdn-Forward
X-RAMCache
GeoIP-Latitude
GeoIP-Country-Code
WZWS-RAY
MIME-Version
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Epwk-X-Cache
X-CUA
X-Hcs-Proxy-Type
X-Fetch-By
X-Proxy-Cache-Hk
X-LI-Proto
Srv
X-HostName
Fastly-Drupal-HTML
X-TRACE-ID
Target-Params
X-Fragments
ENV
X-Platform-Processor
X-Platform-Cluster
X-Backend-Host
Tracecode
X-Edge-Origin-Shield-Bytes
X-Lb-Nocache
X-Platform-Router
ServerName
X-Fastly-Backend-Reqs
X-ATG-Version
Cf-Device-Type
Warning
X-Edge-Origin-Shield-Region
X-Esi
Cdn
X-FC-Vary-Parameters
X-B3-Traceid-Primal
X-Sucuri-Cache
Lfy
X-Fastly-Backend
X-Edge-POP
Server-Ttl
X-Sucuri-ID
M-TraceId
XServer
X-Var-Ttl
Dt-Hot-News
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MG-S
X-ElasticPress-Query
Wp-Super-Cache
X-Varnish-Beresp-Status
Inserted-Into-Cache-At
PICS-Label
X-Yottaa-OS
X-Request-Url
X-Azure-Ref-OriginShield
Section-Io-Id
Section-Io-Origin-Status
X-Cache-Expires
CF-Cached-On
X-Newrelic-App-Data
X-App
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
D-Url-Rewrites
X-Backend-State
Magicmarker
X-Dw-Trace-Id
Cf-Ipcountry
X-Serial
X-Li-Proto
X-Iplb-Request-Id
X-LiteSpeed-Cache-Control
X-Vcache
X-Nc
X-Iplb-Instance
X-CF-Powered-By
X-NU-AKA-ACS-Version
Servedby
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
X-Litespeed-Cache-Control
X-Dist-Code
Cneonction
X-Snapshot-Date
X-Vercel-Id
X-Acquia-Site
Ngx
X-Vercel-Cache
X-Acquia-Purge-Tags
CountryCode
X-Release
X-Th-Server
Content-Script-Type
Content-Style-Type
X-BBC-Origin-Response-Status
X-Request-URL
X-Back
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Storefront-Renderer-Verified
Fastcgi-Cache-Ttl